Analysis
-
max time kernel
21s -
max time network
150s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
09-11-2020 19:36
General
-
Target
71636a7b66ba00dcbec4cd27d0cb0c51.exe
-
Size
212KB
-
MD5
71636a7b66ba00dcbec4cd27d0cb0c51
-
SHA1
7532e048d11711d07e5e43c889c4ba2c5dad8ffb
-
SHA256
e4d422f3cdbfd7c2455e563222ecc5fbd3c24f467d06e6b8944534788f0c9b57
-
SHA512
74552045c80ec9cb8c4b8ff23dfb997943eb5fcabd88d422c3260cedcf937593f43b45d995a10f21aab7a3a2cb3f7ab6ff69d68421da4e4642c24bbbda363604
Score
10/10
Malware Config
Extracted
Family
dridex
Botnet
40400
C2
38.88.126.131:443
145.239.169.32:8443
163.172.7.152:443
45.79.135.98:691
rc4.plain
rc4.plain
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 1 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\71636a7b66ba00dcbec4cd27d0cb0c51.exe"C:\Users\Admin\AppData\Local\Temp\71636a7b66ba00dcbec4cd27d0cb0c51.exe"1⤵
- Checks whether UAC is enabled
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3576-0-0x0000000000E30000-0x0000000000E5B000-memory.dmpFilesize
172KB